Finalize changes for 3.3-1

[kerberos/krb5-strength.git] / plugin / heimdal.c

diff --git a/plugin/heimdal.c b/plugin/heimdal.c
index 6cdfe1a5ed8a5367335d7b91a536e14f68541062..8ace00ab59e7288e559a4b6c2ddb6e942a306075 100644 (file)
--- a/plugin/heimdal.c
+++ b/plugin/heimdal.c
@@ -12,11 +12,11 @@
  * instead.
  *
  * Written by Russ Allbery <eagle@eyrie.org>
- * Copyright 2020 Russ Allbery <eagle@eyrie.org>
+ * Copyright 2020, 2023 Russ Allbery <eagle@eyrie.org>
  * Copyright 2009, 2013
  *     The Board of Trustees of the Leland Stanford Junior University
  *
- * See LICENSE for licensing terms.
+ * SPDX-License-Identifier: MIT
  */
 
 #include <config.h>
@@ -65,7 +65,7 @@ heimdal_pwcheck(krb5_context ctx, krb5_principal principal,
                 size_t length)
 {
     krb5_pwqual_moddata data = NULL;
-    char *pastring = NULL;
+    char *pastring;
     char *name = NULL;
     krb5_error_code code;
 
@@ -99,6 +99,7 @@ heimdal_pwcheck(krb5_context ctx, krb5_principal principal,
         convert_error(ctx, code, NULL, message, length);
 
 done:
+    explicit_bzero(pastring, password->length);
     free(pastring);
     if (name != NULL)
         krb5_free_unparsed_name(ctx, name);